By GRCEngClub
Manage cloud security compliance with CSA CCM v4.0: assess readiness, generate CAIQ responses, implement controls, map to other frameworks (ISO 27001, SOC 2, PCI-DSS, NIST), and produce evidence checklists for AWS, Azure, GCP.
CSA CCM compliance assessment for cloud security controls
Generate CAIQ (Consensus Assessments Initiative Questionnaire) responses
Deep dive guidance on CSA CCM domains and control objectives
Generates comprehensive evidence collection checklists for CSA CCM v4 controls, optimized for cloud-native environments (AWS, Azure, GCP) with STAR attestation guidance.
Map CSA CCM controls to other compliance frameworks
Own this plugin?
Verify ownership to unlock analytics, metadata editing, and a verified badge. GitHub access is read-only (username + org membership).
Sign in to claimOwn this plugin?
Verify ownership to unlock analytics, metadata editing, and a verified badge. GitHub access is read-only (username + org membership).
Sign in to claimBased on adoption, maintenance, documentation, and repository signals. Not a security audit or endorsement.
npx claudepluginhub grcengclub/claude-grc-engineering --plugin csa-ccmDeploy a serverless trust center to publish your company's compliance posture. Supports AWS deployment with S3, CloudFront, Lambda, DynamoDB, Cognito, and WAF.
FedRAMP Rev 5 Plugin - Traditional authorization path with SSP/SAP/SAR/POA&M documentation and NIST 800-53 Rev 5 control mapping
US Export Controls Plugin - ITAR and EAR compliance for defense and dual-use technologies
ISO 27001 Plugin - Annex A controls, ISMS implementation guidance, and certification support
SOC 2 Compliance Plugin - Trust Service Criteria expertise, Type I/II assessment support, and control mapping
GRC Engineering Plugin - Maps IaC to compliance controls, generates policies, collects evidence, reviews PRs for compliance, and transforms risks to Jira tickets
Prowler for Claude Code — cloud security and compliance skills powered by the Prowler MCP server. Bundles compliance triage and remediation; more skills coming.
GRC (Governance, Risk, and Compliance) domain knowledge — frameworks, controls, audits, evidence, ConMon, cross-framework mappings, document review, and operational workflows. Cloud-agnostic.
Check infrastructure compliance (SOC2, HIPAA, PCI-DSS)
Harness-native ECC plugin for engineering teams - 67 agents, 278 skills, 94 legacy command shims, reusable hooks, rules, MCP conventions, and operator workflows for Claude Code plus adjacent agent harnesses
Comprehensive skill pack with 66 specialized skills for full-stack developers: 12 language experts (Python, TypeScript, Go, Rust, C++, Swift, Kotlin, C#, PHP, Java, SQL, JavaScript), 10 backend frameworks, 6 frontend/mobile, plus infrastructure, DevOps, security, and testing. Features progressive disclosure architecture for 50% faster loading.